SepCreateSystemProcessToken calls ObCreateObject like this:
    Status = ObCreateObject(KernelMode,
                            SepTokenObjectType,
                            NULL,
                            KernelMode,
                            NULL,
                            sizeof(TOKEN),
                            0,
                            0,
                            (PVOID*)&AccessToken);
The ObjectAttributes parameter is set to NULL, and ObCreateObject passes
ObjectAttributes on to ObpCaptureObjectAttributes like this:
    Status = ObpCaptureObjectAttributes(ObjectAttributes,
                                        ProbeMode,
                                        FALSE,
                                        ObjectCreateInfo,
                                        &ObjectName);
In ObpCaptureObjectAttributes, there's a condition that checks whether
ObjectAttributes is NULL. If ObjectAttributes is NULL, it will cause
ObpCaptureObjectAttributes to fail, which then causes ObCreateObject to fail,
which then causes SepCreateSystemProcessToken to fail, and the return value of
SepCreateSystemProcessToken will always be NULL.
Could someone explain why? Am I wrong?